On Wed, Oct 17, 2012 at 4:55 PM, Bernhard R. Link wrote:
> * Michael Gilbert <mgilb...@debian.org> [121017 22:19]:
>> Anyway, reading again, I'm not sure that your reply actually considers
>> build path sanitization problems, which is what my statement was
>> about.
>
> I'm stating that doing all the builds on buildds will not avoid the
> need to fix the package.

Ubuntu chose to come to that conclusion on this issue.

> (Unless you are arguing that people locally
> modifying their packages are supposed to get security problems).

That is true: if there is a build path sanitization issue, then if the
user chooses to rebuild the package they will get their own rogue
paths. So, yes, we should always fix those issues when they're found,
but at least for people using buildd'd packages, it's less of a
problem.

Best wishes,
Mike